Skip to main content

What Are Certificate Monitoring Profiles?

A Monitoring Profile defines validation and alerting settings that can be applied to one or more certificate monitors. Profiles let you configure how certificates are validated, when alerts are triggered, and where monitoring connections originate from.

Profile Settings

Profiles configure several key aspects of certificate monitoring. Expiration Alert Thresholds define up to 10 day values between 0 and 90 days. When a certificate's expiration reaches any threshold, the system sends an alert. Common configurations include 60, 30, 15, 7, and 0 days to provide advance warning at multiple intervals.

Private CA Verification allows you to specify one or more custom or internal Certificate Authorities to validate certificates against. This is essential for monitoring services that use private CAs, internal PKI infrastructure, or self-signed certificates. When no private CA is specified, certificates are validated against the standard public certificate trust stores.

Monitoring Agents optionally route checks through containerized agent instances deployed in your environment. This enables monitoring of hosts on private networks or behind firewalls. When multiple agents are selected, the system load balances requests between them.

Notification Settings let you enable or disable specific error conditions that generate alerts:

  • Expiration threshold alerts
  • Name verification failures (hostname mismatch)
  • CA verification failures (untrusted certificate chains)
  • Integrity or configuration failures
  • Connection failures
  • Missing or misconfigured DNS CAA records

Default Profile

Every account includes a Public Profile configured with standard settings for publicly trusted certificates. This default profile validates against public certificate authorities, uses standard expiration thresholds, and connects over the public internet. The default profile is marked as "Default Profile" in your profiles list and cannot be deleted.

Using Profiles

Profiles are assigned when creating or editing monitors. Multiple monitors can use the same profile, making it easy to apply consistent validation rules across similar services. The profiles list shows how many monitors are using each profile, helping you understand the impact of any profile changes.

Create separate profiles for different use cases like production services with strict thresholds, staging environments with relaxed alerting, internal services with private CAs, or services requiring access through specific monitoring agents. See best practices for profile strategy recommendations.